
Caching Servers Shelter Malware

On October 12, 2006, Finjan Software released its latest Web trends report. The report said that the 'caching technology' used by search engines, ISPs and big companies shelters certain types of malicious code even after the Web site that hosted it has been closed.

This "infection-by-proxy" code can remain in caches for around two weeks, giving it a 'life after death' when conventionally the code is assumed to be neutralized. Caches do not store copies of everything on a website, but they do store HTML-based code and programming-language content such as JavaScript.

The report also said that cyber criminals are extensively using Web 2.0 as a basis for uploading their malware to popular websites, which lets them harm online users.

According to Yuval Ben-Itzhak, Chief Technology Officer at Finjan, the URL filtering products that organizations currently use are insufficient to block the 'known' websites holding the malicious code. He therefore stresses the use of proactive technology that analyzes the content rather than the origin of web addresses.

In the presence of such exploits, storage and caching servers could inadvertently become 'legitimate' storage places for malware. 'Infection-by-proxy' creates new risks for corporations and consumers. With the continuous growth of malicious websites, it is necessary to make users aware of the possible dangers of cached web pages.

The greatest threat businesses are facing comes from web surfing. The current mechanisms for removing such malicious material from the web are simply inadequate to fight this serious and increasing threat. Although the Internet and 'branch office networks' make it possible to share and act on information instantly, they also carry the risk of sharing and spreading dangerous attacks from hackers and malware.

To protect against malware, it helps to use security solutions that analyze each web request. One way to achieve this is to conduct behavior-based analysis of web content on the gateway that links the browser and web servers. Behavior-based security analyzes every piece of content irrespective of its origin. The technology would not allow malicious content to enter the network even if it originates from a known and trusted site.
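
The difference between origin-based and content-based filtering described above, as an added Python example that is not taken from the Finjan report or any product: the same page body is fetched from its original host and from a cache, and each filter gives its verdict. The hostnames, page body, indicator patterns and threshold are constructed assumptions, and the static pattern scoring is a simplified stand-in for behavior-based analysis.

```python
import re
from urllib.parse import urlsplit

# Constructed data: hostnames use the reserved .example TLD.
URL_BLOCKLIST = {"bad-site.example"}

# Constructed page body standing in for script a content scanner should flag.
# The escaped string decodes to the harmless word "document".
PAGE_BODY = (
    "<html><body><script>"
    "eval(unescape('%64%6f%63%75%6d%65%6e%74'));"
    "</script>"
    "<iframe src='http://bad-site.example/x' width=0 height=0></iframe>"
    "</body></html>"
)

# The same body reachable at its origin and, after takedown, from a cache.
RESPONSES = {
    "http://bad-site.example/index.html": PAGE_BODY,
    "http://cache.search.example/copy?u=bad-site.example/index.html": PAGE_BODY,
    "http://news.example/today.html": "<html><body><p>Headlines</p></body></html>",
}

# Simplified static indicators with weights (assumed for illustration only).
INDICATORS = [
    (re.compile(r"eval\s*\(\s*unescape\s*\(", re.I), 2),  # decode-then-execute
    (re.compile(r"<iframe[^>]*(width|height)\s*=\s*['\"]?0", re.I), 2),  # invisible frame
    (re.compile(r"(%[0-9a-f]{2}){6,}", re.I), 1),  # long run of escaped bytes
]

def url_filter_allows(url):
    """Origin-based decision: only the hostname is consulted."""
    return urlsplit(url).hostname not in URL_BLOCKLIST

def content_filter_allows(body, threshold=3):
    """Content-based decision: score the body, ignore where it came from."""
    score = sum(weight for pattern, weight in INDICATORS if pattern.search(body))
    return score < threshold

def gateway_report():
    """Map each URL to (allowed by URL filter, allowed by content filter)."""
    return {url: (url_filter_allows(url), content_filter_allows(body))
            for url, body in RESPONSES.items()}

if __name__ == "__main__":
    for url, (by_url, by_content) in gateway_report().items():
        print(f"{url}\n  url filter: {'allow' if by_url else 'block'}"
              f"  content filter: {'allow' if by_content else 'block'}")
```

The cached copy passes the URL filter because its hostname is the cache's, while the content filter blocks it on the same evidence as the original.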